<?php
session_start();
include_once '../comm/config.php';
include_once '../comm/msgset.php';
include_once '../comm/checkpostandget.php';

$name = trim($_POST['username']);
$pwd = trim($_POST['password']);
$md5pwd = md5($pwd);
$from = trim($_POST['from']);
$sj = date("Y-m-d H:i:s");

if ($name == "" || $name == "网站客服"  || $pwd == "") {
	echo "<script language=javascript>window.location='error.php?id=0';</script>";
	exit;
}

if (UC == 1) {
	include '../data/config.inc.php';
	include '../uc_client/client.php';

	/////////////////////////////////////
	$uc_name = iconv("utf-8", "utf-8", $name);
	list ($uid, $uc_name, $pwd, $email) = uc_user_login($uc_name, $pwd);
	/////////////////////////////////////
    $link = mysql_connect($dbserver, $dbuser, $dbpass);
	mysql_select_db($dbname);
    mysql_query("set names utf8");
	if ($uid > 0) {
		$sql = "SELECT Id,dengji FROM " . $BIAOTOU . "user WHERE ddusername='" . $name . "'";
		$query = mysql_query($sql);
		$dduser = mysql_fetch_array($query);
		$Id = $dduser['Id'];
		$dengji = $dengji['dengji'];
		if (!$Id) { //判断用户是否存在于用户表，不存在则加到多多的会员表中
			$insert = "INSERT INTO " . $BIAOTOU . "user(Id,ddusername,ddpassword,email,qq,regtime,lastlogintime,loginnum,tjr,pass_question,pass_answer,money,dengji) values ('$uid','$name','$pwd','$email','$qq','$sj','$sj',1,'$tjr','$question','$answer','" . ZHUCESONG . "','" . ZHUCESONGLEVEL . "')";
			mysql_query($insert);
			$tg = round(TGBL / FXBL * 100, 2);
			$msg_zhuce = str_replace("[name]", $name, $msg_zhuce);
			$msg_zhuce = str_replace("[WEBTITLE]", WEBTITLE, $msg_zhuce);
			$msg_zhuce = str_replace("[tg]", $tg, $msg_zhuce);
			$insert = "INSERT into " . $BIAOTOU . "msg(ddusername,title,content,addtime,senduser) values ('$name','欢迎注册" . WEBTITLE . "','" . $msg_zhuce . "','" . $sj . "','网站客服')";
			mysql_query($insert);

			if (ZHUCESONG != 0) {
				$insert = "INSERT INTO " . $BIAOTOU . "mingxi(ddusername,shijian,je,addtime,memo) values ('" . $name . "','注册赠送','" . ZHUCESONG . "','" . $sj . "','注册赠送金额" . ZHUCESONG . "元')";
				mysql_query("set names utf8");
				mysql_query($insert);
				$msg_zhucesong = str_replace("[ZHUCESONG]", ZHUCESONG, $msg_zhucesong);
				$insert = "INSERT into " . $BIAOTOU . "msg(ddusername,title,content,addtime,senduser) values ('$name','注册赠送','" . $msg_zhucesong . "','$sj','网站客服')";
				mysql_query($insert);
			}
		}
	}
}
elseif (UC == 0) {
	$sql = "select `Id`,`dengji` from " . $BIAOTOU . "user where `ddusername`='$name' and `ddpassword`='$md5pwd'";
	$query = mysql_query($sql);
	$row = mysql_fetch_array($query);
	$uid = $row[0];
	$dengji = $row[1];
}

if ($uid > 0) { //如果会员存在
	$sql = "update " . $BIAOTOU . "user set ddpassword='" . $md5pwd . "',loginnum=loginnum+1 ,lastlogintime='".$sj."' where `ddusername`='" . $name . "'"; //不管是否修改过，都更新密码
	mysql_query($sql);
	$_SESSION["ddusername"] = $name;
	$_SESSION["dduserid"] = $uid;
	$_SESSION["dduserlevel"] = $dengji;
	setcookie("ddusername", $name, time() + 1000 * 24 * 60 * 60, "/", SURL);
	setcookie("ddpassword", $md5pwd, time() + 1000 * 24 * 60 * 60, "/", SURL);
	setcookie("dduserid", $uid, time() + 1000 * 24 * 60 * 60, "/", SURL);
	if (UC == 1) {
		echo $ucsynlogin = uc_user_synlogin($uid); //同步登陆代码
	}
	if ($from) {
		echo "<script language=javascript>window.location='" . $from . "';</script>";
	} 
	else {
		echo "<script language=javascript>window.location='center.php';</script>";
	}
} 
else {
	echo "<script language=javascript>window.location='error.php?id=3';</script>";
}

mysql_close($link);
?>